[jcifs] NTLM authentication through apache
Eric Glass
eric.glass at gmail.com
Tue Aug 10 23:20:34 GMT 2004
It's likely that Apache is closing the connection at some point. For
IE to work, it needs a persistent connection from the Type 1 message
on. Mozilla is more tolerant of connection closes, which would
explain why that browser works.
I'm not terribly familiar with Apache configuration, but see this:
http://lists.samba.org/archive/jcifs/2004-January/002906.html
This sounds similar to what you're getting. If that doesn't work, you
can send me a packet capture and I'll have a look.
Eric
On Tue, 10 Aug 2004 18:05:17 +0000 (UTC), Al <apotti at umich.edu> wrote:
> Hi,
>
> I'm trying to use NTLM authentication for a group of servlets housed on Tomcat
> (5.0) through Apache (1.3.x using mod_jk). I've installed jCIFS and tried
> authentication through Mozilla and was sucessful (thus, the filter mappings
> are correct, no NETBIOS naming problems, no network difficulties, etc). The
> ports for Tomcat and Apache are their default values (8080 for Tomcat, 80 for
> apache)
>
> However, when I try to use NTLM through IE, I get a blank screen. So either
> authentication is successfuly but the server doesn't know it, or it fails to
> get either a NACK or ACK or something. I looked through the error logs of both
> Apache and Tomcat and found nothing. No exception reports or anything.
> However, when i directly connect to the tomcat server
> (http://url:8080/webapp/), i authenticate successfully. So I'm thinking there
> is something between the Apache and Tomcat communcation that is messing
> something up. Explicitly defining the port doesn't matter for Mozilla,
> although it prompts for re-verification (as expected).
>
> So am I missing some specific configuration if jCIFS is expected to work
> through Apache?. I'm probably doing something boneheaded, but I can't find
> what it is. I have the tcpdump if anyone wants it (and there are no proxy
> servers involved this time).
>
> Alvin
>
> PS: If all else fails, is there a setting that forces a prompt asking for
> username/password. It defeats the purpose of transparency, but specifying the
> port number in links to your web app is bad too....(lesser of two evils?)
>
>
More information about the jcifs
mailing list